You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.

Open Spybot and click on Mode and check Advanced ModeCheck yes to next window.Click on Tools in bottom left hand corner.Click on Resident icon.Uncheck Teatimer box and/or Uncheck Resident.Close Spybot.

***

Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:

Click the Spyware Doctor icon in the System Tray.

Click Settings.

Click Startup Settings under Pick a Category.

Uncheck Run at Windows startup.

Click Apply and Exit Spyware Doctor

Once your log is clean you can re-enable Spyware Doctor.

***

Please also disable Acronis Privacy Expert Suite.

***

Please disable SpySweeper, as it will hinder the removal of some entries. Re-enable it after this advise.To disable SpySweeper Shields

Click Shields on the left.

Click Internet Explorer and uncheck all items.

Click Windows System and uncheck all items.

Click Startup Programs and uncheck all items.

Exit Spysweeper.

***

Please read through the instructions before you start (you may want to print this out or copy it into a word program).

Please download and install these programs - don't run them yet!!

Open Ewido.1. From the main ewido screen, click on update in the left menu, then click the Start update button.2. After the update finishes (the status bar at the bottom will display "Update successful")3. Exit Ewido. DO NOT scan yet.Tutorial if needed

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.Also uncheck "Hide protected operating system files" and uncheck "hide extensions for known file types" . Now click "Apply to all folders"Click "Apply" then "OK"

***

Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

2. Delete the following files if present:C:\WINDOWS\sdkjh.dllC:\WINDOWS\apizu32.dllC:\WINDOWS\mspu.dllC:\WINDOWS\system32\msne.dll

(and any other files with the same name that end in .dll, .exe or .dat, you may find them right next to each other, example - appsw.exe, appsw.dll, appsw.dat)

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

3. Double click on the HSfix and when asked to merge say yes.

4. Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

5. Run About:Buster. This will scan your computer for the bad files and delete them. It will ask to scan the system again, let it. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

6. Run Ewido Security SuiteClick on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

7. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

I'm finally having some time to try the fix you sent me last week. Oneproblem, though, is that I cannot update any of the sites (ewido, spybot,adaware). I get a notice that "Windows cannot access the specified device, pathor file. You may not have the appropriate permissions to access the item."C:\Documents and Settings\Owner\Local Settings\Temporary Internet Fil... -- thisis at the top of the box which pops up not allowing me to update or installthings. I am a novice when it comes to the inner workings (programs, etc.) so amnot knowing how to work around this, but I'll do what I can and get a HJT log toyou asap. Thanks in advance for your assistance.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:*Click "Options"*Move the arrow down to "Custom CleanUp!"*Put a check next to the following:

Empty Recycle Bins

Delete Cookies

Delete Prefetch files

Scan local drives for temporary files

Cleanup! All Users

Click OKPress the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

I've tried some of the web sites that gave me problemsand I can now get into them. I also uninstalled thenon-functioning Norton Internet Security/AntiVirus andinstalled AVG free antivirus. Maybe this also made adifference. I can also update SpyBot and AdAware andcan now access Hotmail, and will try other programs.Looks like you got me fixed up.

I'm not quite sure, but I hope this message was after you posted the log. Can you post back here to let me know how things are now?Were you able to do the Housecall scan and the Panda Active scan? Do you have reports or logs for them?